<?php
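// The session name must be a string; the original passed a bare (undefined) constant,
// which only worked because old PHP silently turned it into the string 'DicomScience'.
session_name('DicomScience');
session_start();

/*
 * The writeReports.php controller listens on HTTP POST for the fields action, reportId,
 * headline, diagnosis, status, editor, userName and reportText and stores the report in
 * the database. The only output is a small XML document of the form
 *
 *     <newReport><status>success|error</status></newReport>
 *
 * action flag: '1' deletes report reportId, '2' inserts a new report, '3' updates
 * report reportId. Any other action value produces no output at all.
 *
 * Every value comes from $_POST and is therefore untrusted: ids are cast to int and the
 * free-text fields go through mysql_real_escape_string() before they are put into SQL.
 */

/**
 * Reads one POST field as a string; a missing field becomes ''.
 *
 * @param string $name POST field name
 * @return string
 */
function writeReports_postField($name)
{
    return isset($_POST[$name]) ? (string) $_POST[$name] : '';
}

/**
 * Emits the XML status document that is this controller's only response.
 *
 * @param string $status 'success' or 'error'
 * @return void
 */
function writeReports_respond($status)
{
    header('Content-type: text/xml');
    echo '<?xml version="1.0" encoding="ISO-8859-1"?>';
    echo '<newReport>';
    echo '<status>' . $status . '</status>';
    echo '</newReport>';
}

/**
 * Returns true when a staff row with exactly this id exists.
 *
 * The original compared an unset $usrid (null) with the POSTed editor value using ==,
 * so an empty editor field satisfied the check (null == '' is true in PHP). Here the
 * id is an int, the query result is checked (mysql_query() returns false on failure)
 * and the comparison is strict.
 *
 * @param int $editorId staff id taken from the request
 * @return bool
 */
function writeReports_editorExists($editorId)
{
    $editorId = (int) $editorId;
    $result = mysql_query('SELECT id_staff FROM staff WHERE id_staff = ' . $editorId);
    if ($result === false) {
        return false;
    }

    $found = false;
    while ($row = mysql_fetch_object($result)) {
        if ((int) $row->id_staff === $editorId) {
            $found = true;
        }
    }

    return $found;
}

// Getting global settings ($lang is expected to come from here)
require_once('../includes/gset.php');

// Defining response language
$session_language = isset($_SESSION['lang']) ? $_SESSION['lang'] : '';
if ($session_language == '') {
    // Assuming Controller has not been triggered by a PHP Session
    if ($lang == 1) {
        require_once('../includes/language/german.php');
    } elseif ($lang == 2) {
        require_once('../includes/language/english.php');
    } elseif ($lang == 3) {
        require_once('../includes/language/french.php');
    }
}

// Unix timestamp written to reports.last_modified
$blogdate = time();

$repAction = writeReports_postField('action');
$repID     = (int) writeReports_postField('reportId');
$repEditor = (int) writeReports_postField('editor');
$repUsr    = writeReports_postField('userName'); // accepted but not used by any query below

require('../includes/database/connect.php');

// Escaping needs the open connection, so it happens after connect.php.
$repHead      = mysql_real_escape_string(writeReports_postField('headline'));
$repDiagnosis = mysql_real_escape_string(writeReports_postField('diagnosis'));
$repStatus    = mysql_real_escape_string(writeReports_postField('status'));
$repText      = mysql_real_escape_string(writeReports_postField('reportText'));

/*
 * ACTION CONTROLLER: WHATTA DO - DEPENDING ON THE ACTION FLAG?
 *
 * NOTE(review): the editor id is supplied by the client, so writeReports_editorExists()
 * only proves that such a staff row exists; it does not authenticate the caller. The
 * session is started above but no session user id is visible in this file — the editor
 * should be tied to the logged-in user before this is relied on as an authorization check.
 */
$sql = null;
if ($repAction === '1') {
    $sql = 'DELETE FROM reports WHERE id_report = ' . $repID;
} elseif ($repAction === '2') {
    $sql = "INSERT INTO reports SET id_staff = $repEditor, headline = '$repHead', diagnosis = '$repDiagnosis', report = '$repText', last_modified = '$blogdate', status = '$repStatus'";
} elseif ($repAction === '3') {
    $sql = "UPDATE reports SET headline = '$repHead', diagnosis = '$repDiagnosis', report = '$repText', last_modified = '$blogdate', id_staff = $repEditor, status = '$repStatus' WHERE id_report = $repID";
}

if ($sql !== null) {
    if (!writeReports_editorExists($repEditor)) {
        writeReports_respond('error');
    } else {
        // A failed statement used to be reported as success; surface it as error instead.
        writeReports_respond(mysql_query($sql) === false ? 'error' : 'success');
    }
}

require('../includes/database/closedb.php');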

